package com.immortal.core.autoconfigure;

import com.immortal.core.configure.ImConfig;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * <p>TODO
 *
 * @author wind
 * @version 1.0
 * @since 2018/12/15
 */

@Configuration
@Order(1)
public class ActuatorWebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private ImConfig config;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        if (config.getSecurity() != null && config.getSecurity().getActuator() != null &&
                config.getSecurity().getActuator().getEnabled()) {
            http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests()
                    .anyRequest().hasRole("ENDPOINT_ADMIN")
                    .and()
                    .httpBasic();
        } else {
            http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests()
                    .anyRequest().permitAll();
        }

    }
}